Tools for AppSec

A toolbox for when you don't have a budget

WebBrowser-based security tooling
CLITerminal-native tooling
VS CodeEditor native tooling

Key Features

Everything you need to secure your applications

Vulnerability Scanning

Detect common security flaws in your codebase before they become problems.

Fast Analysis

Get results in seconds, not minutes. Designed for rapid iteration.

Secrets Detection

Find exposed API keys, tokens, and credentials in your repository.

SAST Support

Static analysis for JavaScript, TypeScript, Python, and more.

Dependency Audit

Check your packages for known vulnerabilities and outdated versions.

CI/CD Ready

Integrate seamlessly into your existing development pipeline.

Get notified when we launch new tools

Questions & Answers

Common questions about the toolbox

Yes. All tools are open source and free to use. There are no hidden costs, premium tiers, or feature gating. The goal is to make application security accessible to everyone.

Currently we support JavaScript, TypeScript, Python, Go, and Java. More languages are being added regularly based on community feedback and contributions.

Absolutely. The CLI tool is designed to integrate seamlessly with GitHub Actions, GitLab CI, Jenkins, and other popular CI/CD platforms. Check the documentation for setup guides.

The extension runs scans in real-time as you code, highlighting potential security issues directly in your editor. It uses the same detection engine as the CLI tool.

No. All analysis runs locally on your machine. Your code never leaves your environment. The web tool processes everything client-side using WebAssembly.

Contributions are welcome! Check out the GitHub repository for contribution guidelines. You can help by reporting bugs, suggesting features, or submitting pull requests.

open source · no vendor lock-in · no credit card